Full_Name: Daniel Jonathan Kurtz
Version: 2.4.45
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2401:fa00:1:b:dcfc:ce39:b80:8f26)

openldap 2.4.45 fails to link when built against openssl 1.1 built w/ the default "no-egd" option:

    libtool: link: x86_64-cros-linux-gnu-clang -O2 -pipe -O2 -pipe -march=corei7 -g -fno-exceptions -fno-unwind-tables -fno-asynchronous-unwind-tables -clang-syntax -Wl,-O1 -Wl,-O2 -Wl,--as-needed -o .libs/ltest test.o ./.libs/libldap.so libraries/liblber/.libs/liblber.so ../../libraries/liblber/.libs/liblber.so ../../libraries/liblutil/liblutil.a -lssl -lcrypto -lresolv
    ./.libs/libldap.so: error: undefined reference to 'RAND_egd'

RAND_egd does not exist because OpenSSL was built with the default settings which, as of 1.1, has "EGD" disabled by default [0].

[0] 0423f812dc Add a no-egd option to disable EGD-related code

    *) EGD is no longer supported by default; use enable-egd when
       configuring.
       [Ben Kaduk and Rich Salz]

The RAND_egd reference is in libraries/libldap/tls_o.c:

    static int tlso_seed_PRNG( const char *randfile )
    {
    #ifndef URANDOM_DEVICE
        /* no /dev/urandom (or equiv) */
        long total=0;
        char buffer[MAXPATHLEN];

        if (randfile == NULL) {
            /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
             * If $HOME is not set or buffer too small to hold the pathname,
             * an error occurs. - From RAND_file_name() man page.
             * The fact is that when $HOME is NULL, .rnd is used.
             */
            randfile = RAND_file_name( buffer, sizeof( buffer ) );
        } else if (RAND_egd(randfile) > 0) {
            /* EGD socket */
            return 0;
        }

        if (randfile == NULL) {
            Debug( LDAP_DEBUG_ANY,
                "TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
                0, 0, 0);
            return -1;
        }
    ...

It seems like we should be able to make the "else if (RAND_egd(randfile) > 0)" block conditional on "#if !defined(OPENSSL_NO_EGD)" to work around this issue.

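The guard proposed in the report above, modelled as an added example (not OpenLDAP's or OpenSSL's code) that builds without OpenSSL installed. Assumptions: `OPENSSL_NO_EGD` is defined by hand in place of `opensslconf.h`, `RAND_egd` is declared but never defined so an unguarded call would fail to link as in the report, and `seed_prng_model`, `default_file` and the `seed_result` codes are hypothetical names.

```c
#include <stdio.h>

/* Constructed stand-in for <openssl/opensslconf.h> from an OpenSSL 1.1
 * build configured with the default no-egd option. */
#define OPENSSL_NO_EGD

/* URANDOM_DEVICE is left undefined, as in the cross-compiled build. */

/* Prototype only, never defined here: like a no-egd libcrypto, the symbol
 * is absent, so any call that survives preprocessing fails at link time. */
int RAND_egd(const char *path);

/* Hypothetical result codes. SEED_FROM_FILE stands for the rest of
 * tlso_seed_PRNG(), which the report elides with "...". */
enum seed_result { SEED_NO_SOURCE = -1, SEED_DONE = 0, SEED_FROM_FILE = 1 };

/* Model of the guarded function; default_file plays the role of the
 * RAND_file_name() result and may be NULL. */
enum seed_result seed_prng_model(const char *randfile, const char *default_file)
{
#ifndef URANDOM_DEVICE
    if (randfile == NULL) {
        randfile = default_file;
    }
#if !defined(OPENSSL_NO_EGD)
    else if (RAND_egd(randfile) > 0) {
        return SEED_DONE;        /* EGD socket supplied the entropy */
    }
#endif
    if (randfile == NULL) {
        return SEED_NO_SOURCE;   /* the report's "return -1" case */
    }
    return SEED_FROM_FILE;
#else
    (void)randfile; (void)default_file;
    return SEED_DONE;            /* assumption: the OS device seeds the PRNG */
#endif
}

int main(void)
{
    /* Constructed paths, for illustration only. */
    printf("egd socket path -> %d\n", seed_prng_model("/constructed/egd.sock", NULL));
    printf("default file    -> %d\n", seed_prng_model(NULL, "/constructed/.rnd"));
    printf("nothing set     -> %d\n", seed_prng_model(NULL, NULL));
    return 0;
}
```

With the guard active, a configured randfile that names an EGD socket is no longer consumed by the EGD branch and falls through to the remainder of the function.
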
--On Friday, July 07, 2017 8:45 AM +0000 djkurtz@google.com wrote:

> Full_Name: Daniel Jonathan Kurtz
> Version: 2.4.45
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2401:fa00:1:b:dcfc:ce39:b80:8f26)

Out of curiosity, what OS were you compiling on that didn't have /dev/urandom available?

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

On Tue, Sep 19, 2017 at 4:43 PM, Quanah Gibson-Mount <quanah@symas.com> wrote:

> --On Friday, July 07, 2017 8:45 AM +0000 djkurtz@google.com wrote:
>
>> Full_Name: Daniel Jonathan Kurtz
>> Version: 2.4.45
>> OS: linux
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2401:fa00:1:b:dcfc:ce39:b80:8f26)
>
> Out of curiosity, what OS were you compiling on that didn't have /dev/urandom available?
>
> --Quanah

This occurs when cross compiling. See:
https://github.com/openldap/openldap/blob/master/configure.in#L2197

--
Daniel Kurtz | Software Engineer | djkurtz@google.com | 650.204.0722

--On Wednesday, September 20, 2017 4:06 AM +0000 djkurtz@google.com wrote:

>> Out of curiosity, what OS were you compiling on that didn't have
>> /dev/urandom available?
>
> This occurs when cross compiling. See:
> https://github.com/openldap/openldap/blob/master/configure.in#L2197

Perfect, tyvm! Patch seems like it should be fairly straightforward. If I send you one, would you be able to test it?

--Quanah

On Fri, Sep 22, 2017 at 8:05 AM, Quanah Gibson-Mount <quanah@symas.com> wrote:

> --On Wednesday, September 20, 2017 4:06 AM +0000 djkurtz@google.com wrote:
>
>>> Out of curiosity, what OS were you compiling on that didn't have
>>> /dev/urandom available?
>>
>> This occurs when cross compiling. See:
>> https://github.com/openldap/openldap/blob/master/configure.in#L2197
>
> Perfect, tyvm! Patch seems like it should be fairly straightforward. If
> I send you one, would you be able to test it?

Yes, I'll try to find time to test it. Thanks for looking into this!
In fact, I think I already have one:
https://chromium-review.googlesource.com/#/c/563276/4/net-nds/openldap/files/openldap-2.4.45-no-EGD.patch

--
Daniel Kurtz | Software Engineer | djkurtz@google.com | 650.204.0722

--On Friday, September 22, 2017 3:08 PM -0700 Daniel Kurtz <djkurtz@google.com> wrote:

> Yes, I'll try to find time to test it. Thanks for looking into this!
> In fact, I think I already have one:
> https://chromium-review.googlesource.com/#/c/563276/4/net-nds/openldap/files/openldap-2.4.45-no-EGD.patch

Ok, I'll take a look at your patch as well. Mine is at:

<https://github.com/quanah/openldap-scratch/commit/e126bf7ea3c2c7046b08842694fdbf750200894f>

Regards,
Quanah

changed notes

changed notes
changed state Open to Test
moved from Incoming to Software Bugs

changed notes
changed state Test to Release

fixed in master
fixed in RE24 (2.4.46)

changed notes
changed state Release to Closed